mirror of
https://github.com/github/codeql.git
synced 2025-12-29 15:16:34 +01:00
37 lines
913 B
XML
37 lines
913 B
XML
<!DOCTYPE qhelp PUBLIC
|
|
"-//Semmle//qhelp//EN"
|
|
"qhelp.dtd">
|
|
<qhelp>
|
|
|
|
|
|
<overview>
|
|
<p>
|
|
The Enterprise JavaBeans 3.0 core specification, Section 21.1.2, states:
|
|
</p>
|
|
|
|
<blockquote>
|
|
<p>
|
|
The enterprise bean must not attempt to create a class loader; obtain the current class loader;
|
|
set the context class loader; set security manager; create a new security manager; stop the
|
|
JVM; or change the input, output, and error streams.
|
|
</p>
|
|
<p>
|
|
These functions are reserved for the EJB container. Allowing the enterprise bean to use these functions
|
|
could compromise security and decrease the container's ability to properly manage the runtime environment.
|
|
</p>
|
|
</blockquote>
|
|
|
|
</overview>
|
|
<references>
|
|
|
|
|
|
<li>
|
|
<a href="http://jcp.org/aboutJava/communityprocess/final/jsr220/index.html">
|
|
JSR-220 Enterprise JavaBeans 3.0 Final Release</a> (ejbcore),
|
|
Section 21.1.2 Programming Restrictions
|
|
</li>
|
|
|
|
|
|
</references>
|
|
</qhelp>
|